Hi All,

I am trying to add rules to my policy that will selectively allow port 80 access to my DMZ servers. I can specifically code the source addresses for internal clients, but obviously not for the WWW users. If I add a line like - "any DMZ www accept fw-cluster" - I immediately make all specific rules for www access redundant!

So I need some way of identifying the Internet users with a global network object? I could do this if I knew how to code a "negative" rule (i.e. "if the source address is not from my internal network, then it must be the Internet") but I can find no way of doing this in the Policy Editor.

Just for the record, this is easier with PIX since the rules are applied relative to the interface. I know I can code access-lists in FW-1, but have never tried; is this a solution?

Any suggestions... please! (while I still have some hair left)

Thanks in advance,
Gordon

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
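The negated-source idea from the question, as an added example that is not part of the original post and is not FW-1's own logic: a generic first-match rule evaluator in Python that compares the broad "any" rule with a "not internal" source. The address ranges, rule names and the implicit final drop are constructed assumptions.

```python
import ipaddress

# Constructed sample addressing (assumptions, not taken from the post).
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]
ALLOWED_CLIENTS = [ipaddress.ip_network("10.1.1.0/24")]
DMZ = [ipaddress.ip_network("192.0.2.0/28")]
ANY = [ipaddress.ip_network("0.0.0.0/0")]


def in_group(addr, group):
    """True if addr falls inside any network of the group."""
    return any(addr in net for net in group)


class Rule:
    def __init__(self, name, src, dst, port, action, negate_src=False):
        self.name, self.src, self.dst = name, src, dst
        self.port, self.action, self.negate_src = port, action, negate_src

    def matches(self, src, dst, port):
        # A negated source matches every address NOT in the group.
        src_hit = in_group(src, self.src) != self.negate_src
        return src_hit and in_group(dst, self.dst) and port == self.port


def evaluate(policy, src, dst, port):
    """First matching rule wins; unmatched traffic hits an implicit drop."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in policy:
        if rule.matches(s, d, port):
            return rule.action, rule.name
    return "drop", "implicit-cleanup"


# Policy with the broad rule: every internal host reaches the DMZ on port 80.
BROAD = [
    Rule("internal-clients", ALLOWED_CLIENTS, DMZ, 80, "accept"),
    Rule("any-to-dmz", ANY, DMZ, 80, "accept"),
]

# Policy with a negated source: only non-internal sources match the second rule.
NEGATED = [
    Rule("internal-clients", ALLOWED_CLIENTS, DMZ, 80, "accept"),
    Rule("internet-to-dmz", INTERNAL, DMZ, 80, "accept", negate_src=True),
]

if __name__ == "__main__":
    for src in ("10.1.1.9", "10.2.2.2", "198.51.100.7", "192.0.2.9"):
        print(src, evaluate(BROAD, src, "192.0.2.5", 80),
              evaluate(NEGATED, src, "192.0.2.5", 80))
```

In this model "not internal" also matches a source inside the DMZ range itself, so the negated group has to list every network that should not be treated as Internet.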
